diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/github.com/google/yamlfmt/feature.go | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/github.com/google/yamlfmt/feature.go')
| -rw-r--r-- | vendor/github.com/google/yamlfmt/feature.go | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/vendor/github.com/google/yamlfmt/feature.go b/vendor/github.com/google/yamlfmt/feature.go new file mode 100644 index 00000000..af56dda1 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/feature.go @@ -0,0 +1,78 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package yamlfmt + +import ( + "context" + "fmt" +) + +type FeatureFunc func(context.Context, []byte) (context.Context, []byte, error) + +type Feature struct { + Name string + BeforeAction FeatureFunc + AfterAction FeatureFunc +} + +type FeatureList []Feature + +type FeatureApplyMode string + +var ( + FeatureApplyBefore FeatureApplyMode = "Before" + FeatureApplyAfter FeatureApplyMode = "After" +) + +type FeatureApplyError struct { + err error + featureName string + mode FeatureApplyMode +} + +func (e *FeatureApplyError) Error() string { + return fmt.Sprintf("Feature %s %sAction failed with error: %v", e.featureName, e.mode, e.err) +} + +func (e *FeatureApplyError) Unwrap() error { + return e.err +} + +func (fl FeatureList) ApplyFeatures(ctx context.Context, input []byte, mode FeatureApplyMode) (context.Context, []byte, error) { + // Declare err here so the result variable doesn't get shadowed in the loop + var err error + result := make([]byte, len(input)) + copy(result, input) + for _, feature := range fl { + if mode == FeatureApplyBefore { + if feature.BeforeAction != nil { + ctx, result, err = feature.BeforeAction(ctx, result) + } + } else { + if feature.AfterAction != nil { + ctx, result, err = feature.AfterAction(ctx, result) + } + } + + if err != nil { + return ctx, nil, &FeatureApplyError{ + err: err, + featureName: feature.Name, + mode: mode, + } + } + } + return ctx, result, nil +} |